Swype does not, and will not ever make money off of the data it collects from you. They do not sell ads. They do not sell information. The comment made on the CM review forum was a generalization about the larger Android app developer community, and in no way was intended to imply that Swype uses your data for ad revenue.

Update 2: Here's what Swype Community Representative Brian Resnik has to say about all this:

Swype Community Rep here (the guy who made the comments on Google Code).

Honestly, piracy is not our concern. We know there are pirates out there. Hell, if you look hard enough you can go find a pirate copy of Swype right now. We send DMCA notices when we see these sites, because if we don’t we lose our patents, and it kinda hurts to have your hard work get stolen. But all in all, the piracy thing isn’t our beef.

Our concern was over the reliability of our statistics. It’s important for us to have a reliable baseline when we look at things like: how many users have downloaded the most recent version; how many users got a previous version but not the latest; how many users have had to reinstall multiple times; how many users have switched devices in the past 6 months; how many users have devices of each screen size.

The key point there is that we need to have a reasonable assessment for how many users there actually are. Not just how many registered accounts there are (since people frequently register multiple times when they have trouble with a download); not just how many total installations there have been (the same user reinstalling after a device reformat shouldn’t count as a new user). For that, we need a unique hardware identifier.

As I was quoted as saying, HIDING that information is more or less okay: we just don’t get the info, it’s like you never installed it. SPOOFING the information, however, is really really harmful to our data collection. Even if only 5% of our users (and let me tell you this: CM users and ROMs based of CM source make up a SIGNIFICANT percentage of our beta users) were spoofing their ESN, it would completely trash our data analysis. Bad data devalues all the other data in the set.

THAT is why we brought this up in the first place.

I also want to point out that we went out of our way to contact the CM devs prior to any of the public discussions on this matter. I personally spoke with ciwrl this morning, who relayed our conversation to the rest of TeamDouche, and talked with him about our concerns, and ways in which we could all be happy. We want nothing more than to make sure that everyone involved gets the best experience possible.

Update: Let me be crystal clear: the proposed permission spoofing change in CM7 was 100% rejected, and will never be merged into the CyanogenMod source. Here's Steve Kondik's comment:

Yes, you read that correctly. The developers of the extremely popular, semi-exclusive third-party keyboard app Swype have been carefully watching the situation that has unfolded regarding a recent (proposed and rejected) CyanogenMod change adding the ability to "spoof" phone information that certain apps collect as part of their permission sets. This can include (among other things) device information, identification parameters, and user/app usage statistics.

With some less than squeaky-clean applications running around on the Market that may abuse those permissions, the concern is an understandable one. But is the solution (providing fake, aka "spoofed," data) proposed in a recently rejected CyanogenMod 7 change reasonable? According to Swype, the answer is a resounding "No." On the Google Code page for CyanogenMod, a Swype rep, in response to the permission spoofing change, had this to say (edited for length, emphasis ours):

... [T]here is a fine line between WITHHOLDING information and providing FALSE information. Now you're moving in the other direction: you're going from protecting yourself from a perceived threat to actually actively damaging the statistics collection and security of the application developer...

...Many companies, ours included, rely on the statistics they gather. There are a number of things these stats can provide, from analytics that are used to improve user experience, to ad revenue, to metrics that are necessary for maintaining server stability...

...[I]f spoofing becomes popular, and our statistics become useless, and our licensing becomes unreliable, the beta program could easily disappear. Without a way to justify to our OEM partners the fact that we give Swype away for free when they're paying for it, we'd have to shut it down...

If you want the tl;dr version, here it is, basically: the Swype beta for Android may end indefinitely if permission spoofing starts to corrupt Swype's data and collection and thus, its analysis efforts.

The entire reason for Swype's beta being free (though invite-only), according to them, is to provide the company with usage and user statistics in order to improve the app - increasing its appeal to phone manufacturers like Samsung, who are forced to pay licensing fees for the software when it ships on their handsets.

Denying access to that data, Swype says, isn't a great thing, but they don't see that becoming a widespread issue. But once users start actively falsifying their usage and identification information, an ethical line, Swype claims, has been crossed. How has the CyanogenMod team responded to the proposed permission spoofing change? The de facto leader of TeamDouche, Steve Kondik, posted this on the change's comments:

I would prefer that you didn't submit this

I am not sure that this is the direction I want to see CM go.

This will piss off developers, carriers, and probably Google.

Other members of the CM team have responded similarly - giving the change negative treatment in comments. It seems unlikely, at this point, that it will ever be committed CyanogenMod's source code (at least not in its present form).

Some users have complained that applications like Swype collect data that is of no reasonable use to them, such as IMEI numbers (sort of like your car's VIN#) - when other suitable unique identifiers exist. The problem is, there doesn't seem to be any argument as to how collecting that number could be readily or easily abused.

Others have gone into the realm of what could be, that Swype could one day decide to start collecting SIM serials and phone numbers through its application permissions (let me be clear, it does not), the latter of which could be personally identifying.

Proponents of spoofing have argued that there is "no good reason" for application developers to be collecting much of the data they do. Developers have generally said that regardless of the usefulness of the information (which may be used for improving an app, providing necessary data to maintain ad revenue, or general analytics), spoofing would invariably hurt Android and promote feelings of animosity between the ROM community and application developers.

And were the manufacturers and carriers to get wind of spoofing practices (if they were implemented in custom ROMs), it's likely new Android phones would start getting locked down tighter than Fort Knox. That's something I think we can all agree would be very, very bad.

The real question is: are the privacy concerns at play outweighed by the potential damage spoofing could cause to the Android community at large? I would say, confidently and without hesitation: Yes.

Comments

@Phonehand

Android is great because of its broad community of users and developers(app/rom). To do something that alienates part of that community will only hurt Android. Are devs that abuse the permissions called out?

Just because Cyanogen doesn't plan to add these features doesn't mean other ROM developers will follow suit.

I, for one, will be seriously pissed off if Swype cancels its beta because of stuff like this.

David Ruddock

Agreed - there are plenty less savory developers out there who would seek to implement this change.

TeamDouche and the CM team at large are an upstanding group of individuals in regard to the ethical standards they follow, but not everyone is.

Brian

How would this be any more "unethical" than blocking third-party cookies in a web browser? It's perfectly reasonable to not want to hand out your globally unique device ID to any random app that asks for it.

ocdtrekkie

The difference, Brian, is between blocking third party cookies, and generating falsified cookies.

It's not Swype's fault. The reason the Beta requires registration, is "closed", and has licenses and all that, is to keep the OEM's happy; by having DRM. It's the same reason Netflix, Google, Apple, Amazon, YouTube, and everyone else has DRM: To keep the studios/record labels/OEMs/etc. happy.

Blame the old companies (OEMs, studios, record labels) for refusing to update to the 21st century.

Ken

Oh, whatever. As users, we own our handsets and we're under no obligation to feed real data to Swype or anyone else.

This, "I'll take my ball and go home" childishness underscores the culture of entitlement you get from these guys. It's as if they own the devices.

Mr. S

You're also under no obligation to install their app.

David Ruddock

Again, I agree - developers who actually want to profit from their work have to follow ethical guidelines in regard to use of collected data if they ever want to be successful.

If you feel a developer is asking for too much, or don't trust them - the free market has a simple answer: speak with your wallet - don't use their product.

Zomby

Actually, you're under no obligation to install their app, just as much as they're under no obligation to provide it to you. They're using collected data to give their customer base a better product. If you chose to withold the information because of privacy concern that's your choice. But if you start providing false data they are entitled to not provide you with their app.

sfsdfsdf

Hey, I am beta Swype user and love it but you know what I love more? Privacy! In those days there's never enough privacy and every small light in the tunnel is appreciated.
I was considering installing Cyanogen on my N1 because of that falsifying permissions

Noone will loose money, Ad pages will display add and will count people as users but it will also give us privacy - so noone is loosing here.

Actually, Swype will lose money. If permission spoofing catches on, then their DRM is pointless. If the DRM is pointless, they'll have to close the Beta. If they don't close the Beta, the OEMs will pull out. If the OEMs pull out, Swype has no income.

Jaymoon

And why again doesn't Swype just sell their keyboard for $4.99 in the Market?

Seems like an easy enough solution from someone that grew out of Swype a year ago.

That's a very complicated question, but at this point the simple answer is because our business isn't structured to handle that scenario. The simplified answer is available at the bottom of our faq: http://beta.swype.com/android/faq

jason

regardless, it sounds like swype has problems with their app permissions. no app should need the phone id and a keyboard should not need network access considering it can capture full passwords. it just seems completely unsafe.

it appears slideit, a similar keyboard in the market, requires similar permissions and also includes writing to the sd card which is also unacceptable.

a keyboard should require almost no permissions.

unfortunately, there's no way to easily give feedback through the market when you decline to install an app because the permissions are unacceptable.

David Ruddock

Swype collects and sends back additional user and device data for analytics and improvement. That's why they collect more than the average keyboard - and that's how they're justifying it.

jason

those reasons are irrelevant and can be implemented differently without compromising user privacy and security.

advertising? there isn't any advertising in the swype app as far as i've seen.

improvement? that's a reason for analytics.

analytics? could easily be implemented by periodically generating a report and prompting the user if they want to email it and allow the user to view the data being sent. it's not like it needs to be realtime.

no need for a keyboard to have internet access.

in the swype case, only the installer has full internet access (obviously needed to download the actual app, which is annoying anyway). however, they could easily be passing the data from the keyboard to the installer to access the internet. they're currently retrieving the analytics somehow.

google has a blog post on their developer blog covering different acceptable ways to get a unique installation id.

Asking a user to review a report constantly would cause confusion and headaches. Aka, not a good idea.

Installer needs to download the app due to DRM. "Advertising" means "Hey OEM! Look how much people LOVE Swype! We have over 9,000 beta users on your really popular device! Why not license Swype from us, and include it in your next OTA?"

Franky

Still, I have to strongly support jason's point: An application which can track keystrokes and has internet-access... By the sound of it this could be a keylogger with "trust us, we're not evil" painted over it.

This is NOT to imply swype IS a keylogger. It's just to support the point that a keyboard with internet-access justifiedly makes people uneasy. After all everyone claims to be trustworthy. How should we average users know for sure how our data is used?

My opinion: Don't spoof, but give us a reliable way to block unwanted data-leaking into the web. I'll be fine with that.

jason

i would be happy if android market or install would have checkboxes next to the permissions. i check the boxes of the permissions i don't like and then there's a decline button next to install. pressing decline submits back to the developer the permissions i don't like as the reason i didn't install the app.

there needs to be a low friction way for this data to be given as feedback to the developer so they can make an informed decision on whether or not to change their permissions.

however, i still think the average user doesn't understand the consequences of permissions. much like everyone's not going to modify every piece of open source software, the fact that it's open means knowledgable people can and keep the devs honest.

btw, the dev providing a description of why they need a permission is useless since they can just lie. you're still trusting the developer. this is less of an issue with known developers, but plenty of well known apps want to access the phone identity when they shouldn't have any need. it also doesn't work because i can transfer my phone to someone else.

Ben

I would say, confidently and without hesitation: No.

You are buying into one future nightmare scenario*, David, that just as easily will never come to pass. And you hurry to give up more fine-grained control for users: unnecessary, dangerously compliant.

If a big percentage of users were to routinely distort data beyond usefulness, and if developers were to leave the field in scores, then we could revisit. It is fear mongering right now.

(*"damage ... to the Android community at large")

The root of the matter is poor, broad-stroked permission control and no revocation. Advancements have to happen, and applications need to be setup solid enough to handle exceptions gracefully. That's one difference between good and bad handiwork!

"All permissions" cannot be taken for granted. Nobody would accept a desktop application crushing w/o recovery simply because it happened upon a read-only file.

As things are now, spoofing is an ugly workaround against code shortcomings in exception handling. And there lies the solution.

idontcareaboutswype

I'm not in favor of discouraging developers to develop for Android - that being said, if they want to quit making free apps because some nifty people make something that will provide user protections against unethical practices - I'm completely for it. I dont use Cyanogen, nor do I use Swype. But, when I read CM was considering this, I started looking up instructions on how to put it on to my device in prep for when they released it.
CM should do it - others be damned. It sounds whiny and ridiculous on Swype's part to say something like this. I don't doubt it could hurt in some cases...lets be real though, if this wasn't a family website, I would hurl a few curse words their way.

Elias

App developers feel hurt about fake data being provided to them, but they see no problem gathering my phone state & id, coarse/gps location, contacts, modifying sd card content and requiring full internet access - even over my limited 3G data plan. Some of them might say they need your position for demographic statistics and/or to serve ads specific for your region. Yeah, sure. Why dont they also take my bank account and password "just" to check out how much money I have to make advertisement even more specific to my budget? This is ridiculous. Why the hell would Tap Tap Revenge NEED to know my location (yes, it does) with no way for me to disable it? Why the hell should Tap Tap Revenge need to have its process started as soon as the device boots? (yes, it also does this!)
Google definitely needs to create greater control over how reasonable are the permissions requested by an app - or, at least, give us a way to disable some permissions. Screw their interests! What about ours? We should be able to decide what we'll let them do with our data, not the opposite. The personal data is mine, the phone is mine, why should I let app developers decide what they're gonna do with my stuff? If they were reasonable with permissions, we would never need to worry about how to mess with their permissions.

Elias

Not a single time I've mentioned swype in my previous comment, but it is worth clarifying: I use swype because it doesn't have ads, it's useful, I like it and I don't think it demands excessive permissions. What gets me mad are all those stupid games and apps out there which require blatantly excessive permission, such as the mentioned Tap Tap Revenge. Some apps even find it fair to re-enable my wifi or mobile data if I disable it! This isn't abusive for a app such as Llama Profile Manager, but can be abusive depending on how a given app uses it.
Obviously some apps get revenue through ads - which are annoying, but justifiable. I can put up with with the ads, but I don't feel like feeding my data to advertising enterprises or to any company which doesn't make clear what they'll use my info for. Thats clearly not the case of swype people, who cared enough to come over here and explain their point, specify the info they collect and what they use it for. Thumbs up for you, guys! Developers should be more conscious about that, and should care about explaining to their customers why they need some permissions, and what kind of data they collect and send back home. Just telling which permissions are required, like android market already does, is not enough.
Even though swype makes a fair use of permissions, there are plenty of apps that doesn't - and that's why I still think there should be a way for users to block specific permissions for specific apps. Only then, for those apps which would refuse to work with abusive permissions denied, I find it fair to feed them fake data. Sure it's sad to resort to such a non-elegant way of making a app work while mantaining privacy, but google's not gonna evaluate permissions required by each app to block the abusive ones, so there should be a way for the user to control it. There should be no need for this if some devs weren't so invasive. So, who's wrong? As long as developers keep it fair with us, we keep it fair with them. I don't find it abusive for a user to block abusive permissions, and developers who purposefully make apps which won't work without abusive permissions deserve to be fed trash data. After all, I don't think people would be blocking permissions or feeding fake data for legit apps such as swype, which makes moderate use of permissions and is clear about how they use our info.

xFKNxWillisx

Aren't their certain apps in the rooting community that already block certain apps from accesses already?

I dont get the big deal anyhow....Swype hasn't released any updates, nor do they plan to. Go cry to someone who cares.

Swype Community Rep here (the guy who made the comments on Google Code).
Honestly, piracy is not our concern. We know there are pirates out there. Hell, if you look hard enough you can go find a pirate copy of Swype right now. We send DMCA notices when we see these sites, because if we don't we lose our patents, and it kinda hurts to have your hard work get stolen. But all in all, the piracy thing isn't our beef.
Our concern was over the reliability of our statistics. It's important for us to have a reliable baseline when we look at things like: how many users have downloaded the most recent version; how many users got a previous version but not the latest; how many users have had to reinstall multiple times; how many users have switched devices in the past 6 months; how many users have devices of each screen size.
The key point there is that we need to have a reasonable assessment for how many users there actually are. Not just how many registered accounts there are (since people frequently register multiple times when they have trouble with a download); not just how many total installations there have been (the same user reinstalling after a device reformat shouldn't count as a new user). For that, we need a unique hardware identifier.
As I was quoted as saying, HIDING that information is more or less okay: we just don't get the info, it's like you never installed it. SPOOFING the information, however, is really really harmful to our data collection. Even if only 5% of our users (and let me tell you this: CM users and ROMs based of CM source make up a SIGNIFICANT percentage of our beta users) were spoofing their ESN, it would completely trash our data analysis. Bad data devalues all the other data in the set.
THAT is why we brought this up in the first place.
I also want to point out that we went out of our way to contact the CM devs prior to any of the public discussions on this matter. I personally spoke with ciwrl this morning, who relayed our conversation to the rest of TeamDouche, and talked with him about our concerns, and ways in which we could all be happy. We want nothing more than to make sure that everyone involved gets the best experience possible.

David Ruddock

Brian, thanks for responding in a clear and direct manner, I'm sure many users of your application appreciate it. You're welcome to contact us if you have any concerns about the article.

Thank YOU, David, for your extremely impartial writing. You covered the issue incredibly well, and your analysis is spot on (though I'll agree with a previous commenter that the title is a LITTLE sensationalist, but hey, only a little, and that's the news biz heheheh)

Both are gChat enabled. Let me know if you prefer a different contact method

kohut321

Hey I know that this is not a Swype Q&A but I do want to ask something. I know that Swype ships with many manufacturers but knowing that HTC is bringing out they're own Swype like feature to their phones do you guys plan to eventually make the app available to the android market so you guys can update more often and remain competitive? I feel like my Swype needs an update it use to work to perfection before the 2.2 update on my Epic 4g (Galaxy S), and afterwards it still works great just not as effective as before...

GSX

If hiding the information is fine, then I don't see a problem. Privacy is the point here, and with Cyanogenmod it's now given though app permissions. Spoofing is unnecessary.

Ben

Problem being: You end up with a Force Close, because the app requests something it is now not allowed to have and does not handle this new situation. Alternatively, if you handed it ANY substitute information, it would work just fine.

Ideally the app would recover from these failed requests gracefully. However, that takes more effort on developer's side, and there is no incentive to do it. That will change only if individual revocation of permissions becomes accepted practice, through Android policy itself, or by wide-spread usage which can't be ignored.

spamcamefromandroidpolice

I think it might be appropriate to add "emphasis ours" in the quotes above where you have highlighted sections in bold. These sections are not in bold in the original, and the non-bold parts in between is where he explains that pressure from Swype's corporate customers would in fact be the deciding factor in shutting down the beta. I'm sure this is just a simple editorial thing that got missed, so please fix it. Thanks, and keep it classy Android Police!

David Ruddock

It's definitely indicated right before the block quote begins.

Someone

I just don't install applications that have excessive permissions that I can't justify.

For things like GPS, I just turn them off.

There's also usually a paid version of the app that doesn't require said permissions if said permissions are for advertising purposes.

Walking with your feet, eyeballs and wallet does wonders. Spread the word too.

Ben

Why shouldn't you be put into a position to revoke individual permissions, e.g. SMS privilege?
Everything could work as intended, and when it ever comes to sending a text you would get an error instead. (Or the app hides the option, or etc.) Every other user, who is fine with giving that permission, wouldn't have to bother. Nor would there be any need for a second, third, fourth version of the same app w/ a different feature set.

David Ruddock

This makes the app installation process extremely burdensome for all but the most tech-savvy users.

You think 90% of people who use Android phones want ANOTHER step (or set of steps) before they're able to access a newly installed app? I'm going to go ahead and say that the lost utility [ease of use] FAR outweighs benefit here. It's not a viable solution for anyone but the most paranoid of users.

Ben

What other step???

Nothing would change for your (imaginary, but for the sake of the argument) 90%, whatsoever!

Only an _interested_ party would go change something after install / on install.

I still believe the individual revoking of permissions is something that would hurt more than help. Some of those permissions are what keep certain apps free.

Analytics and statistics provide free information to developers on how their app is working for end users, and how end users use it - and some information about who their average user is. Invaluable information for improving an app.

On the same token, that information provides valuable data for optimizing ad serving, while other permissions allow the ad serving to take place in the first place.

If everyone could go denying these permissions, development costs would rise, ad revenue would fall (obviously the latter is not applicable to Swype). Know what that means? More paid apps, and longer development cycles.

Ben

In reality, that wouldn't be the case.

If your revenue depends on ads, your app's function is easily tied to granted networking permissions. Were they denied, a message would inform the user as to why the permission is essential and even help increase acceptance.

What _would_ happen is this:
A.) You find a great app, but it wants read privilege for your contacts, even though it's only needed for one obscure feature, which you're never going to use. You don't install. The developer gets no feedback as to why. They simply lost a customer.
B.) A developer would love to add more features to their app, but it isn't the core functionality, and they are afraid to scare off clients by excessive permission requests. So, they don't add to their app.

With a selective permission revocation BOTH could do it in good conscience!

It would only add to the Android ecosystem.

oliver

BRIAN>
How do you suggest we run your product (and others: HBO GO, XDA Pro, etc) on Android devices that do not have an IMEI? My Nook Color is one of those... as are several other wifi-only devices.

Currently, the only way for us to enjoy any of those apps is to spoof an IMEI.

Wait for us to release a version that's compatible with ESN-less devices :) It's being worked on, but a few other major projects have taken priority lately (you'll see the fruits of those projects very very soon). Our development workload has lightened a bit as we've hired more engineers and completed those major development projects, so you may see support for ESN-less devices in the beta update following the one we're going to be releasing in a couple weeks.

Lucian Armasu

Well, hopefully this is a wake up call for Google to make the damn permissions more granular! Just because an app needs access to ads, doesn't mean it should require "Full Internet Access".

They need to make permissions very clear, otherwise they are pointless and in the same time scary. Seriously, I bet 99% of the app installations go without people actually checking the permissions. I mean, if you actually want to try the app, and the only options are either to install it, and potentially risking to give the app access to most of your phone's data, you'll end up ignoring the permissions and simply install it.

But if this happens in 99% of the cases, what's the point of showing permissions anyway?they're just an extra click.

Zomby

It would be nice if developpers had a field in wich they could explain why they need each specific permission. It might feel less treathening if I actually knew what I'm agreeing to.

oliver

Fair enough. But, I have to be honest: my interest primarily concerns other apps since I don't use Swype (so, don't worry, you're not getting any false data from me...lol).

I use the hack mainly for HBO GO; and, since I'm a paying HBO customer, I'm not going to stop doing so.

Tonight, I'm going to recompile my framework.jar with a more unique IMEI based on my Nook's serial number, but that's the best I can do until each app developer releases a less intrusive/restrictive version of their app.

I think you all need to hurry and find a better way to collect your metrics, as every day there are more and more Android devices available that do not have an ESN...good luck! :)

Honu

I'm already spoofing all applications that are using my IEMI, cellID, cellName, phoneNumber... and others
Cause i don't like the way company use these datas... for metrics.. haha.. funny, try again... with something better.

Honest question: Why don't you like companies using install data such as device type, screen size, etc to analyze the types of cases their software is used in within their userbase? I would add to this that IMEI is necessary to bring perspective to these other stats; developers need to know how many unique device installations there are (so that one person reformatting their device 50 times doesn't count as 50 separate users) in order to have a baseline scale to run their analysis off of

Oliver

"device type, screen size, etc"
I can't speak for anyone else, but it's the "etc" in that sentence that concerns me the most. I also don't appreciate non-ESN devices being left in the lurch by apps I've paid for or otherwise obtained legitimately.

I hacked my device to run "Tegra2 only" apps as well. I paid for those apps, just as I also paid for the "IMEI Only" HBO-GO and XDA Pro apps, so I will do everything within my power to run them on my devices, regardless of whatever the devs themselves think of my doing so.

I'd much rather spend five minutes recompiling my framework.jar than spend weeks or months chasing devs around begging for non-ESN versions of their apps! Screw that!

too bad, so sad.

jason

the android market already gives total number of downloads and active installs. they also just added more statistics that break down installs by devices, country, etc.

usage stats should be tied to a unique installation and not the device. if i sell my phone to someone else and then they install your app, now your usage data is corrupted anyway since you're getting data from 2 different users.

Create an account on swype where people can, for example, save their dictionnaries.... With this account, not linked to the physical phone, you would be able to have your stats.
By the way.. i broke my phone.. réinstall swype on the new one... you get a new IEMI, does it means i'm a new customer ? => bad stats...
In France, when we born we get a unique number... for social security. Company can't use these numbers in their database...(Social security can) why...? Because a unique number will permit crossing datas from multiples databases... and this not acceptable.. this is an ethic problem, you certainly understand the reasons.. !

Honu

I'm not spoofing datas like screen res, processor.. etc, cause these informations are not personal.

jason

you already have to create an account to even use the swype beta which makes the whole thing that much more ridiculous.

for those who don't know, i'm fairly certain you can access device model, and definitely screen res, proc, ram, etc without any permissions.

Here's a new statistic for you: SwypeInc, please add +1 to the number of users who will never buy one of your products due to your whining on this issue, your suspect IMEI requirements / data collection, and your insistence that Cyanogen leave out IMEI spoofing. Even if they would have rejected the commit on their own, I will still continue to blame Swype for that decision.

I will also be sure to uninstall/delete your apps on any Android device I ever own while simultaneously recommending SlideIt to anyone I see running an Android device.

Suck it.

jason

SlideIT is even worse than swype when it comes to permissions. they are probably the poster boy for bad permissions: full internet, phone state and identity, SD card storage (wtf?), modify global system settings and prevent device from sleeping.

it's hard to imagine it could be much worse for a keyboard.

thumb keyboard is a good example of a previous permissions offender, but is now reasonable. they used to have full internet and phone id and i didn't buy. after they changed i did. although, they had no idea that the reason i didn't buy was because of the permissions.

reading contact data is initially suspect, but when you can't access the network or storage it's not an issue. it's also obvious why it's needed, to predictively match your contact names.

i wish google would stop putting apps in the "featured" section that have unnecessary permissions. it's the one editorial list they could wield some power with, but they don't. thumb keyboard was in the "featured for tablets" list when it asked for full internet access.

ultimately, the burden of proof is on the dev for wanting the permission. they should assume users want privacy and devs who argue against it start becoming more suspect because it just sounds like they don't know what they're doing.

sorry for the rambling.

Honu

Agree with "featured" section... Google should put "clean" apps on the front page.